CVE-2025-65540

Medium CVSS: 6.1

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.

Vendor

Exrick

Product

Xmall

CWE

CWE-79

Yayın Tarihi

2025-11-29 04:15:56

Güncelleme

2025-12-23 16:05:35

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Xmall MEDIUM Exrick 2025

Referanslar

https://github.com/Exrick/xmall/issues/101

Benzer Kayıtlar

High

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users'…

Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown pr…

Medium

CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of…

Medium

CVE-2025-8526

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the…

Medium

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown pa…

Critical

CVE-2025-45612

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.